`exec-env` does not work when encrypted file is in a parent directory
ScottGuymer opened this issue · 3 comments
I have a folder structure like
my-app/
├─ subfolder/
│ ├─ script.sh
├─ secrets.enc.yaml
from my-app
I can run
sops secrets.enc.yaml
sops -d secrets.enc.yaml
sops exe-env secrets.enc.yaml
all work correctly. But, if I change directory into subfolder
then
sops ../secrets.enc.yaml
sops -d ../secrets.enc.yaml
work as expected. However,
sops exe-env ../secrets.enc.yaml
gives an error like
sops exe-env ../secrets.enc.yaml
error: missing file to decrypt
I can't seem to see a reason why exec-env
has a different behaviour and does not work as the other commands do.
I cannot reproduce this. First, none of the exec-env
commands you showed actually work:
- It's
exec-env
, notexe-env
(I guess that typo happened when you wrote this post and it's not actually what you ran); exec-env
expects two positional parameters, you provided one (the file to decrypt).
If I run sops exec-env ../x.yml /bin/bash
I end up in a shell where the values in ../x.yml
are available. Same for sops exec-env ../x.yml export
. But if I run sops exec-env ../x.yml
or sops exec-env ../x.yml /bin/bash -c export
or something else where there are not exactly two positional arguments, I get the message you mentioned (error: missing file to decrypt
).
So my guess is that you ran something with not exactly two positional arguments to exec-env
.
Apologies, it seems I was being a total moron when I was testing this out..
What I was trying to do was make this work from a package.json...
And I think I got my wires totally crossed when I dropped out of that to a shell when it did not work correctly the first time.
In the cold light of day, and your comments I see the issue.
here is what I had in my package.json
{
...
"scripts": {
"dev": "sops exec-env ../secrets.dev.enc.yaml concurrently \"yarn start\" \"yarn start-backend\"",
},
...
}
Which yielded the error above...
But adding in some '
seems to do the trick and make it work.
{
...
"scripts": {
"dev": "sops exec-env ../secrets.dev.enc.yaml 'concurrently \"yarn start\" \"yarn start-backend\"'",
},
...
}
(I dont think the error message itself helped out either 😆)
(I dont think the error message itself helped out either 😆)
I fully agree! :)